A Resolution Won’t Be Immediate
The issue that TeamsPhisher exploits was initially flagged last month by UK-based cybersecurity experts Jumpsec. Microsoft was made aware of it, but told Jumpsec researchers that it didn’t meet the bar for immediate servicing.
Despite the ability for attackers to spread malware without being detected, Microsoft has stated that it considers the attacks to rely on social engineering to be successful.
In a statement to BleepingComputer, Microsoft added “we encourage customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers.”
So while a system repair may not be on the horizon right now, there are a few safety precautions organizations can take to protect from getting attacked: Creating an allow-list for trusted domains can help limit the risk, as can disabling communication with external tenants if they’re not explicitly needed.